
System time is still stuck at 2005 and cannot be changed; spengps log attached, could an expert please take a look


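I used killautoplus and usbcleaner and removed quite a few viruses, but the system time is still stuck at 2005 and cannot be changed. I have attached the spengps log; could an expert please take a look?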

  
QUOTE:


  
CODE:
2005-12-11,09:52:02

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <NVIEW><; rundll32.exe nview.dll,nViewLoadHook>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [Microsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <hpsysdrv><; c:\windows\system\hpsysdrv.exe>  [Hewlett-Packard Company]
    <HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe>  [N/A]
    <Recguard><; C:\WINDOWS\SMINST\RECGUARD.EXE>  []
    <nwiz><; nwiz.exe /installquiet /keeploaded /nodetect>  [(Verified)Microsoft Windows Publisher]
    <HT><; C:\WINDOWS\htqd.exe>  [World]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE 001 301P摄像头>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <SpIDerMail><"F:\Program Files\DrWeb\spiderml.exe">  [(Verified)Doctor Web Ltd.]
    <GenProtect><C:\WINDOWS\GenProtect.exE>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exE>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <NVDispDrv><C:\WINDOWS\NVDispDRV.EXE>  []
    <MsPrint32D><C:\WINDOWS\MsPrint32D.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <WinSysW><C:\WINDOWS\215366L.exe>  []
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exE>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <WinSysM><C:\WINDOWS\215366M.exe>  [N/A]
    <Sysmppcvppp><"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start>  []
    <WinForm><C:\WINDOWS\WinForm.exE>  []
    <kawdcaz><C:\WINDOWS\system32\kawdcaz.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <comrepl32><C:\windows\system32\com\comrecfg.exe>  []
    <czrsse0><rundll32 "C:\WINDOWS\Downlo~1\czrsse0.dll",start>  [Microsoft Corporation]
    <x8z><rundll32 "C:\WINDOWS\Downlo~1\x8z.dll",Run>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe vchelp.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvdxskma.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll>  []
    <{68847374-8323-FADC-B443-4732ABCD3786}><C:\WINDOWS\system32\sidjfzy.dll>  []
    <{5598FF45-DA60-F48A-BC43-10AC47853D55}><C:\WINDOWS\system32\rarjepi.dll>  []
    <{BD561258-45F3-A451-F908-A258458226DB}><C:\WINDOWS\system32\kvdxskma.dll>  []
    <{B859245F-345D-BC13-AC4F-145D47DA34FB}><C:\WINDOWS\system32\avzxkmn.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[腾讯QQ]
  <C:\Documents and Settings\所有者\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\PROGRA~1\QQ0823\QQ.exe [TENCENT]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ms_2fax / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\65311.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C:\WINDOWS\system32\HPZipm12.exe><N/A>
[ServicevcHelp / ServicevcHelp][Running/Auto Start]
  <C:\WINDOWS\system32\vcplay.exe><>
[svchost / svchost][Stopped/Auto Start]
  <C:\WINDOWS\system32\dllcache\svchost.exe -g><Microsoft Corporation>
[Windows Advanced Manager / wamer][Stopped/Auto Start]
  <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7591.exe"><N/A>

==================================
驱动程序
[2cimgu / 2cimgu][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\2cimgu.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[RAS Asynchronous Media Driver / AsyncMac][Running/Auto Start]
  <system32\DRIVERS\comint32.sys><N/A>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bwelra6 / bwelra62][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bwelra62.sys><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[comint32 / comint32][Running/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\comint32.sys><N/A>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\drvmcdb.sys><VERITAS Software, Inc.>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC][Stopped/Manual Start]
  <System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[Hardlock / Hardlock][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <System32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <System32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <System32\DRIVERS\HPZius12.sys><HP>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel(r) PC Camera CS630 Image Storage / icm10blk][Stopped/Manual Start]
  <System32\DRIVERS\icm10blk.sys><Intel Corporation>
[Intel(r) PC Camera CS630 / ICM10USB][Stopped/Manual Start]
  <System32\Drivers\ICM10USB.sys><Intel Corporation>
[ids0004C / ids0004C][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys><N/A>
[ids0005c / ids0005c][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys><N/A>
[ids00102 / ids00102][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys><N/A>
[ids00118 / ids00118][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys><N/A>
[ids0014f / ids0014f][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys><N/A>
[ids0015d / ids0015d][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys><N/A>
[ids00180 / ids00180][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys><N/A>
[ids0018a / ids0018a][Stopped/Manual Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\Program Files\腾讯QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\F:\Program Files\腾讯QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Pcdr Helper Driver / PCDRDRV][Stopped/Manual Start]
  <\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Ps2 / Ps2][Running/Manual Start]
  <System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[SiS315 / SiS315][Stopped/Manual Start]
  <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <System32\DRIVERS\sisnic.sys><SiS Corporation>
[sjrv6 / sjrv6a][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sjrv6a.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev][Stopped/Manual Start]
  <system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[WL / WL][Stopped/Manual Start]
  <\??\C:\DOCUME~1\所有者\LOCALS~1\Temp\tmp36.tmp><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[001 301P摄像头 / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[]
  {242F800B-2172-4659-A381-476B66E3DE2A} <C:\WINDOWS\system32\qgkacivpbfxbn.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Invoke Class]
  {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\6651.dll, >
[SSBandLoader Class]
  {D3A3C954-41C2-4AA1-B011-9D9B0306AC23} <F:\Program Files\RichSpark\StockStarFuGui\SSBand\StockStarBand.dll, StockStar>
[AlxTB BHO Class]
  {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[StockStarToolBand Class]
  {A2F82B60-F338-11D3-A74A-009027A7903D} <F:\Program Files\RichSpark\StockStarFuGui\SSBand\StockStarBand.dll, StockStar>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[HP 工具箱]
  {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\HP\EXPLOREBAR\HPTOOLKT.DLL, Hewlett-Packard Company>
[StockStarToolBand Class]
  {000FCCCE-C733-11D3-A704-009027A7903D} <F:\Program Files\RichSpark\StockStarFuGui\SSBand\StockStarBand.dll, StockStar>
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in 1.3.1_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <f:\Program Files\JavaSoft\JRE\1.3.1_07\bin\npjava131_07.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.3.1_07]
  {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} <f:\Program Files\JavaSoft\JRE\1.3.1_07\bin\npjava131_07.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[StockStarToolBand Class]
  {000FCCCE-C733-11D3-A704-009027A7903D} <F:\Program Files\RichSpark\StockStarFuGui\SSBand\StockStarBand.dll, StockStar>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {0FA24E3D-422C-4D94-A125-104F32352C90} <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Promote Class]
  {0FA24E3E-422C-4D94-A125-104F32352C90} <C:\WINDOWS\system32\promote.dll, >
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[]
  {242F800B-2172-4659-A381-476B66E3DE2A} <C:\WINDOWS\system32\qgkacivpbfxbn.dll, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <F:\Program Files\webxl\DownAndPlay\DapPlayer3.0.11.17.dll, N/A>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[同花顺]
  {39852EFE-325B-45EF-9A60-3DBECD2DDDD5} <, N/A>
[Alexa]
  {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <F:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Hssdtobj Class]
  {5D15CEAC-3B27-4863-AAEA-93A4C8A6C57D} <C:\WINDOWS\system32\hssdtobm.dll, 易易加速科技有限公司>
[Invoke Class]
  {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\6651.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[Microsoft 外壳 UI 帮助程序]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\System32\shdocvw.dll, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <F:\PROGRA~1\QQ0823\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[HP 工具箱]
  {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\HP\EXPLOREBAR\HPTOOLKT.DLL, Hewlett-Packard Company>
[CxLeft Object]
  {B437B7E2-B769-4F90-A2AD-FF5520637977} <C:\Program Files\Alexacn\Alexacn.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SSBandLoader Class]
  {D3A3C954-41C2-4AA1-B011-9D9B0306AC23} <F:\Program Files\RichSpark\StockStarFuGui\SSBand\StockStarBand.dll, StockStar>
[Messenger Class]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <F:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[AlxTB BHO Class]
  {F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} <C:\WINDOWS\system32\AlxTB1.dll, Alexa Internet>
[Runclose Control]
  {F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\System32\runclose.ocx, Hewlett-Packard Company>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[Alexa Web Search]
  <http://client.alexa.com/holiday/script/actions/search.htm, N/A>
[Get Alexa Data]
  <http://client.alexa.com/holiday/script/actions/sitedata.htm, N/A>
[Mail to a Friend...]
  <http://client.alexa.com/holiday/script/actions/mailto.htm, N/A>
[See Related Links]
  <http://client.alexa.com/holiday/script/actions/related.htm, N/A>
[Write a Review...]
  <http://client.alexa.com/holiday/script/actions/review.htm, N/A>
[使用迅雷下载]
  <F:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <F:\Program Files\QQ0823\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\svchost.dll]  [Microsoft Corporation, ]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
[PID: 612 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
[PID: 860 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
[PID: 940 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 1012 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
[PID: 1104 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kvdxskma.dll]  [N/A, ]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\hpzsnt07.dll]  [HP, 2,140,0,0]
    [C:\WINDOWS\system32\hpzsnt09.dll]  [HP, 2.236.1.0]
[PID: 1576 / 所有者][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\j59a5r.dll]  [N/A, ]
    [C:\WINDOWS\system32\svchost.dll]  [Microsoft Corporation, ]
    [C:\WINDOWS\Downlo~1\x8z.dll]  [Microsoft Corporation, 5, 3, 2600, 2180]
    [C:\WINDOWS\Downlo~1\czrsse0.dll]  [Microsoft Corporation, 5, 3, 2600, 2180]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\215366WL.DLL]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\vcshow.dll]  [, 1.1.1.443]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrtlhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll]  [Microsoft Corporation, 1.0.3705.6060]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\qgkacivpbfxbn.dll]  [, 1.0.0.0]
    [C:\WINDOWS\system32\6651.dll]  [, 1, 0, 0, 2]
    [C:\WINDOWS\system32\AlxTB1.dll]  [Alexa Internet, 7, 2, 0, 2]
[PID: 1608 / 所有者][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
[PID: 1732 / SYSTEM][C:\WINDOWS\system32\65311.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
[PID: 1904 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.01.4303]
    [C:\WINDOWS\System32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\System32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
[PID: 124 / SYSTEM][C:\WINDOWS\system32\vcplay.exe]  [, 1.0.0.5]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
[PID: 372 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\System32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDZYHXI32.dll]  [N/A, ]
[PID: 1448 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
[PID: 4020 / 所有者][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysTdSvr.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [c:\windows\system32\cwebpage.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 4252 / 所有者][C:\Program Files\Microsoft ActiveSync\wcescomm.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\Program Files\Microsoft ActiveSync\dtptdns.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
[PID: 5720 / 所有者][C:\PROGRA~1\MICROS~2\rapimgr.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.1.4841.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\MICROS~2\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 2040 / 所有者][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 3600 / 所有者][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 5876 / 所有者][F:\Program Files\TheWorld\TheWorld.exe]  [Phoenix Studio, 1, 2, 2, 9]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [F:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 20]
    [F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[PID: 1256 / 所有者][C:\WINDOWS\system32\mstsc.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 3132 / 所有者][F:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 8, 329]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [F:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 26]
    [F:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
    [F:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [F:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [F:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 29]
    [F:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [F:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 18]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [F:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [F:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
    [F:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 36]
    [F:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 3, 18]
    [F:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 4, 15]
    [F:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 2, 60]
    [F:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
    [F:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [F:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 9, 97]
    [F:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [XunLei, 1, 2, 0, 10]
    [F:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 16]
    [F:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
    [F:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [F:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 2, 2, 13]
    [F:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [F:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll]  [XunLei, 1, 0, 1, 44]
    [F:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 0, 4]
    [F:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 11]
    [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 18]
    [F:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
[PID: 5320 / 所有者][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\b61.dll]  [  , 1, 0, 0, 3]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
[PID: 4848 / 所有者][F:\Program Files\SREngPS\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\kvdxskma.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDMSI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDCQI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWLI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDJZI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDQQSGI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDZYHXI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [F:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [F:\Program Files\SREngPS\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.44.0.11210]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)
DrWebSP.4 over [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrWebSP.4 over [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrWebSP.4 over [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrWebSP.4 over [RSVP UDP Service Provider]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrWebSP.4 over [RSVP TCP Service Provider]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrWebSP.4
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 4252, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4252, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5720, C:\PROGRA~1\MICROS~2\RAPIMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5720, C:\PROGRA~1\MICROS~2\RAPIMGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5876, F:\PROGRAM FILES\THEWORLD\THEWORLD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5876, F:\PROGRAM FILES\THEWORLD\THEWORLD.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3132, F:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3132, F:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
levis,李维斯


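1. It is recommended to use XDelBox to delete the following files: (XDelBox download)
Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose "Import from clipboard without checking paths" (剪贴板导入不检查路径). After importing, right-click the files to be deleted and choose "Reboot and delete now" (立刻重启删除); the computer will restart into a DOS interface to carry out the deletion. Before running XDelBox, please remove all removable storage devices.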

c:\windows\system32\vcplay.exe
c:\windows\system32\kvdxskma.dll
c:\windows\system32\svchost.dll
c:\windows\system32\qdshm.dll
c:\windows\215366wl.dll
c:\windows\downlo~1\czrsse0.dll
c:\windows\downlo~1\x8z.dll
c:\windows\system32\6651.dll
c:\windows\system32\addrtlhelp.dll
c:\windows\system32\avpsrv.dll
c:\windows\system32\avwghmn.dll
c:\windows\system32\avzxkmn.dll
c:\windows\system32\cmdbcs.dll
c:\windows\system32\dbghlp32.dll
c:\windows\system32\genprotect.dll
c:\windows\system32\j59a5r.dll
c:\windows\system32\kawdcaz.dat
c:\windows\system32\kvsc3.dll
c:\windows\system32\lotushlp.dll
c:\windows\system32\mppds.dll
c:\windows\system32\msccrt.dll
c:\windows\system32\msimms32.dll
c:\windows\system32\msprint32d.dll
c:\windows\system32\nvdispdrv.dll
c:\windows\system32\ptsshell.dll
c:\windows\system32\qgkacivpbfxbn.dll
c:\windows\system32\rarjepi.dll
c:\windows\system32\sidjfzy.dll
c:\windows\system32\upxdnd.dll
c:\windows\system32\vcshow.dll
c:\windows\system32\winform.dll
c:\windows\system32\65311.exe
c:\windows\system32\gdcqi32.dll
c:\windows\system32\gdjzi32.dll
c:\windows\system32\gdmsi32.dll
c:\windows\system32\gdqqhxi32.dll
c:\windows\system32\gdqqsgi32.dll
c:\windows\system32\gdwli32.dll
c:\windows\system32\gdzyhxi32.dll
c:\windows\system32\cwebpage.dll
c:\windows\system32\systdsvr.dll
c:\windows\system32\vchelp.exe
c:\windows\system32\com\comrecfg.exe
c:\windows\system32\kawdcaz.exe
c:\windows\winform.exe
c:\windows\215366m.exe
c:\windows\upxdnd.exe
c:\windows\msimms32.exe
c:\windows\ptsshell.exe
c:\windows\215366l.exe
c:\windows\lotushlp.exe
c:\windows\msccrt.exe
c:\windows\cmdbcs.exe
c:\windows\avpsrv.exe
c:\windows\msprint32d.exe
c:\windows\nvdispdrv.exe
c:\windows\dbghlp32.exe
c:\windows\kvsc3.exe
c:\windows\mppds.exe
c:\windows\genprotect.exe
c:\windows\downlo~1\czrsse0.dll
c:\windows\downlo~1\x8z.dll
c:\program files\microsoft office\system\dodolook_7591.exe
c:\windows\system32\drivers\2cimgu.sys
c:\docume~1\所有者\locals~1\temp\tmp36.tmp
c:\windows\system32\drivers\sjrv6a.sys
c:\windows\system32\drivers\comint32.sys
c:\windows\system32\cdcd.sys
c:\windows\system32\drivers\bwelra62.sys
c:\windows\system32\drivers\comint32.sys
c:\program files\common files\cpush\cpush0.dll
c:\windows\system32\promote.dll
c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll

2. After the deletion and reboot, use SREng:

    Startup Items -- Registry: delete the following entries:
[{B859245F-345D-BC13-AC4F-145D47DA34FB}]    <C:\WINDOWS\system32\avzxkmn.dll>
[{BD561258-45F3-A451-F908-A258458226DB}]    <C:\WINDOWS\system32\kvdxskma.dll>
[{5598FF45-DA60-F48A-BC43-10AC47853D55}]    <C:\WINDOWS\system32\rarjepi.dll>
[{68847374-8323-FADC-B443-4732ABCD3786}]    <C:\WINDOWS\system32\sidjfzy.dll>
[{8A1247C1-53DA-FF43-ABD3-345F323A48D8}]    <C:\WINDOWS\system32\avwghmn.dll>
[comrepl32]    <C:\windows\system32\com\comrecfg.exe>
[kawdcaz]    <C:\WINDOWS\system32\kawdcaz.exe>
[WinForm]    <C:\WINDOWS\WinForm.exE>
[Sysmppcvppp]    <"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start>
[WinSysM]    <C:\WINDOWS\215366M.exe>
[upxdnd]    <C:\WINDOWS\upxdnd.exe>
[MsIMMs32]    <C:\WINDOWS\MsIMMs32.exE>
[PTSShell]    <C:\WINDOWS\PTSShell.exe>
[WinSysW]    <C:\WINDOWS\215366L.exe>
[LotusHlp]    <C:\WINDOWS\LotusHlp.exe>
[msccrt]    <C:\WINDOWS\msccrt.exe>
[cmdbcs]    <C:\WINDOWS\cmdbcs.exe>
[AVPSrv]    <C:\WINDOWS\AVPSrv.exE>
[MsPrint32D]    <C:\WINDOWS\MsPrint32D.exe>
[NVDispDrv]    <C:\WINDOWS\NVDispDRV.EXE>
[DbgHlp32]    <C:\WINDOWS\DbgHlp32.exe>
[Kvsc3]    <C:\WINDOWS\Kvsc3.exE>
[mppds]    <C:\WINDOWS\mppds.exe>
[GenProtect]    <C:\WINDOWS\GenProtect.exE>
[czrsse0]    <rundll32 "C:\WINDOWS\Downlo~1\czrsse0.dll",start>
[x8z]    <rundll32 "C:\WINDOWS\Downlo~1\x8z.dll",Run>

Find <AppInit_DLLs>, double-click it, clear its contents and save.
Find <shell>, double-click it, and change <Explorer.exe vchelp.exe> to <Explorer.exe>, i.e. remove everything after Explorer.exe.



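    Delete the following services (run SREng ---> Startup Items ---> Services ---> Win32 Service Applications ---> tick "Hide verified Microsoft items" ---> select the service to delete ---> choose "Delete service" ---> click "Set" ---> choose "No" at the prompt to confirm the deletion. If a service cannot be deleted: Win32 Service Applications => change the startup type to Disabled => Set)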

[ms_2fax / ms_2fax]    <C:\WINDOWS\system32\65311.exe>
[Windows Advanced Manager / wamer]    <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7591.exe">
[svchost / svchost]    <C:\WINDOWS\system32\dllcache\svchost.exe -g>
[ServicevcHelp / ServicevcHelp]    <C:\WINDOWS\system32\vcplay.exe>

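    Delete the following drivers (run SREng ---> Startup Items ---> Services ---> Drivers ---> tick "Hide verified Microsoft items" ---> select the driver to delete ---> choose "Delete service" ---> click "Set" ---> choose "No" at the prompt to confirm the deletion.)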

[2cimgu / 2cimgu]    <\??\C:\WINDOWS\system32\drivers\2cimgu.sys>
[WL / WL]    <\??\C:\DOCUME~1\所有者\LOCALS~1\Temp\tmp36.tmp>
[sjrv6 / sjrv6a]    <\SystemRoot\System32\DRIVERS\sjrv6a.sys>
[comint32 / comint32]    <\??\C:\WINDOWS\system32\DRIVERS\comint32.sys>
[Cdsys / Cdsys]    <\??\C:\WINDOWS\System32\cdcd.sys>
[bwelra6 / bwelra62]    <\SystemRoot\System32\DRIVERS\bwelra62.sys>
[RAS Asynchronous Media Driver / AsyncMac]    <system32\DRIVERS\comint32.sys>

    Delete the browser add-ons (run SREng ---> System Repair ---> Browser Add-ons ---> select the items to delete ---> choose "Yes" at the prompt.)

[]    <C:\WINDOWS\system32\qgkacivpbfxbn.dll>
[CAdLogic Object]    <C:\Program Files\Common Files\CPUSH\cpush0.dll>
[Promote Class]    <C:\WINDOWS\system32\promote.dll>
[Invoke Class]    <C:\WINDOWS\system32\6651.dll>
[]    <C:\WINDOWS\system32\qgkacivpbfxbn.dll>
[CAdLogic Object]    <C:\Program Files\Common Files\CPUSH\cpush0.dll>
[Info cache]    <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>
[Info cache]    <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>


Download Windows 清理助手 (Windows Cleanup Assistant) to clean up the malware
http://www.arswp.com/download/arswp2/arswp2.zip

After the cleanup, run a full-disk scan with your antivirus software!

TOP

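1. It is recommended to use XDelBox to delete the following files: (XDelBox 1.6 download)
Usage: to delete, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard. After importing, right-click the files to be deleted and choose to reboot and delete immediately; the computer will restart into a DOS screen to carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).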

c:\windows\system32\vcplay.exe
c:\windows\system32\kvdxskma.dll
c:\windows\system32\qdshm.dll
c:\windows\215366wl.dll
c:\windows\system32\6651.dll
c:\windows\system32\addrtlhelp.dll
c:\windows\system32\avpsrv.dll
c:\windows\system32\avwghmn.dll
c:\windows\system32\avzxkmn.dll
c:\windows\system32\cmdbcs.dll
c:\windows\system32\dbghlp32.dll
c:\windows\system32\genprotect.dll
c:\windows\system32\j59a5r.dll
c:\windows\system32\kawdcaz.dat
c:\windows\system32\kvsc3.dll
c:\windows\system32\lotushlp.dll
c:\windows\system32\mppds.dll
c:\windows\system32\msccrt.dll
c:\windows\system32\msimms32.dll
c:\windows\system32\msprint32d.dll
c:\windows\system32\nvdispdrv.dll
c:\windows\system32\ptsshell.dll
c:\windows\system32\qgkacivpbfxbn.dll
c:\windows\system32\rarjepi.dll
c:\windows\system32\sidjfzy.dll
c:\windows\system32\upxdnd.dll
c:\windows\system32\winform.dll
c:\windows\system32\vcshow.dll
c:\windows\system32\65311.exe
c:\windows\system32\gdcqi32.dll
c:\windows\system32\gdjzi32.dll
c:\windows\system32\gdmsi32.dll
c:\windows\system32\gdqqhxi32.dll
c:\windows\system32\gdqqsgi32.dll
c:\windows\system32\gdwli32.dll
c:\windows\system32\gdzyhxi32.dll
c:\windows\system32\systdsvr.dll
c:\windows\system32\b61.dll
c:\windows\system32\kvdxskma.dll
c:\windows\system32\com\comrecfg.exe
c:\windows\system32\kawdcaz.exe
c:\windows\winform.exe
c:\windows\system32\systdsvr.dll
c:\windows\215366m.exe
c:\windows\upxdnd.exe
c:\windows\msimms32.exe
c:\windows\ptsshell.exe
c:\windows\215366l.exe
c:\windows\lotushlp.exe
c:\windows\msccrt.exe
c:\windows\cmdbcs.exe
c:\windows\avpsrv.exe
c:\windows\msprint32d.exe
c:\windows\nvdispdrv.exe
c:\windows\dbghlp32.exe
c:\windows\kvsc3.exe
c:\windows\mppds.exe
c:\windows\genprotect.exe
c:\windows\downlo~1\czrsse0.dll
c:\windows\downlo~1\x8z.dll
c:\windows\htqd.exe
c:\program files\microsoft office\system\dodolook_7591.exe
c:\windows\system32\dllcache\svchost.exe
c:\docume~1\所有者\locals~1\temp\tmp36.tmp
c:\windows\system32\drivers\sjrv6a.sys
c:\windows\system32\new.sys
c:\windows\system32\drivers\comint32.sys
c:\windows\system32\cdcd.sys
c:\windows\system32\drivers\comint32.sys
c:\windows\system32\drivers\bwelra62.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00180.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0015d.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00102.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0005c.sys
c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0004c.sys
c:\program files\common files\cpush\cpush0.dll
c:\windows\system32\promote.dll
c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
c:\windows\system32\alxtb1.dll

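The OP does not seem to have Kaspersky installed, so simply delete the folder c:\documents and settings\all users\application data\kaspersky anti-virus personal\

2. After the deletion and reboot, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries: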
[{BD561258-45F3-A451-F908-A258458226DB}]    <C:\WINDOWS\system32\kvdxskma.dll>
[{5598FF45-DA60-F48A-BC43-10AC47853D55}]    <C:\WINDOWS\system32\rarjepi.dll>
[{68847374-8323-FADC-B443-4732ABCD3786}]    <C:\WINDOWS\system32\sidjfzy.dll>
[{8A1247C1-53DA-FF43-ABD3-345F323A48D8}]    <C:\WINDOWS\system32\avwghmn.dll>
Note: modify the [AppInit_DLLs] entry: change <kvdxskma.dll> to <>, i.e. clear it
Note: modify the [shell] entry: change <Explorer.exe vchelp.exe> to <Explorer.exe>, i.e. remove everything after Explorer.exe
[comrepl32]    <C:\windows\system32\com\comrecfg.exe>
[kawdcaz]    <C:\WINDOWS\system32\kawdcaz.exe>
[WinForm]    <C:\WINDOWS\WinForm.exE>
[Sysmppcvppp]    <"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start>
[WinSysM]    <C:\WINDOWS\215366M.exe>
[upxdnd]    <C:\WINDOWS\upxdnd.exe>
[MsIMMs32]    <C:\WINDOWS\MsIMMs32.exE>
[PTSShell]    <C:\WINDOWS\PTSShell.exe>
[WinSysW]    <C:\WINDOWS\215366L.exe>
[LotusHlp]    <C:\WINDOWS\LotusHlp.exe>
[msccrt]    <C:\WINDOWS\msccrt.exe>
[cmdbcs]    <C:\WINDOWS\cmdbcs.exe>
[AVPSrv]    <C:\WINDOWS\AVPSrv.exE>
[MsPrint32D]    <C:\WINDOWS\MsPrint32D.exe>
[NVDispDrv]    <C:\WINDOWS\NVDispDRV.EXE>
[DbgHlp32]    <C:\WINDOWS\DbgHlp32.exe>
[Kvsc3]    <C:\WINDOWS\Kvsc3.exE>
[mppds]    <C:\WINDOWS\mppds.exe>
[GenProtect]    <C:\WINDOWS\GenProtect.exE>
[czrsse0]    <rundll32 "C:\WINDOWS\Downlo~1\czrsse0.dll",start>
[x8z]    <rundll32 "C:\WINDOWS\Downlo~1\x8z.dll",Run>
[HT]    <; C:\WINDOWS\htqd.exe>

    Startup Items -- Services -- Win32 Service Applications: delete the following entries:
[ms_2fax / ms_2fax]    <C:\WINDOWS\system32\65311.exe>
[Windows Advanced Manager / wamer]    <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7591.exe">
[svchost / svchost]    <C:\WINDOWS\system32\dllcache\svchost.exe -g>
[ServicevcHelp / ServicevcHelp]    <C:\WINDOWS\system32\vcplay.exe>

    Startup Items -- Services -- Drivers: delete the following entries:
[WL / WL]    <\??\C:\DOCUME~1\所有者\LOCALS~1\Temp\tmp36.tmp>
[sjrv6 / sjrv6a]    <\SystemRoot\System32\DRIVERS\sjrv6a.sys>
[New0 / New0]    <\??\C:\WINDOWS\System32\new.sys>
[comint32 / comint32]    <\??\C:\WINDOWS\system32\DRIVERS\comint32.sys>
[Cdsys / Cdsys]    <\??\C:\WINDOWS\System32\cdcd.sys>
[RAS Asynchronous Media Driver / AsyncMac]    <system32\DRIVERS\comint32.sys>
[bwelra6 / bwelra62]    <\SystemRoot\System32\DRIVERS\bwelra62.sys>
[ids0018a / ids0018a]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys>
[ids00180 / ids00180]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys>
[ids0015d / ids0015d]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys>
[ids0014f / ids0014f]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys>
[ids00118 / ids00118]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys>
[ids00102 / ids00102]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys>
[ids0005c / ids0005c]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys>
[ids0004C / ids0004C]    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys>

    System Repair -- Browser Add-ons: delete the following entries:
[Invoke Class]    <C:\WINDOWS\system32\6651.dll>
[]    <C:\WINDOWS\system32\qgkacivpbfxbn.dll>
[CAdLogic Object]    <C:\Program Files\Common Files\CPUSH\cpush0.dll>
[Promote Class]    <C:\WINDOWS\system32\promote.dll>
[Invoke Class]    <C:\WINDOWS\system32\6651.dll>
[]    <C:\WINDOWS\system32\qgkacivpbfxbn.dll>
[CAdLogic Object]    <C:\Program Files\Common Files\CPUSH\cpush0.dll>
[Info cache]    <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>
[AlxTB BHO Class]    <C:\WINDOWS\system32\AlxTB1.dll>
[AlxTB BHO Class]    <C:\WINDOWS\system32\AlxTB1.dll>

Download Windows 清理助手 (Windows Cleanup Assistant), update it, then clean up the malware
http://www.arswp.com/download/arswp2/arswp2.zip

Download the temporary-file cleanup tool
http://www.dodudou.com/down/ATF-Cleaner-cn.exe
Reset Winsock!

TOP
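One way to confirm that the registry start-up cleanup described in the replies above took effect is to compare the removal list against a fresh SREng log. The following is an added example, not part of the thread and not SREng's own code. It assumes the `shell` and `AppInit_DLLs` values appear in the log in the same `<name><value>  [publisher]` form as the other registry entries, and it covers registry start-up entries only; the function names are hypothetical.

```python
import re

# Removal-list line as written in the replies:   [name]    <command>
REMOVAL_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s+<(?P<cmd>.*)>$")
# Registry start-up line as printed in the SREng log:   <name><command>  [publisher]
LOG_RE = re.compile(r"^\s*<(?P<name>[^<>]*)><(?P<cmd>.*)>\s+\[.*\]\s*$")

def normalize(cmd):
    """Lower-case; drop the leading ';' some log entries carry, and any quotes."""
    return cmd.strip().lstrip(";").strip().replace('"', "").lower()

def parse_removal_list(text):
    """Return {(name, command)} for every '[name]    <command>' line."""
    entries = set()
    for line in text.splitlines():
        m = REMOVAL_RE.match(line.strip())
        if m:
            entries.add((m["name"].lower(), normalize(m["cmd"])))
    return entries

def leftovers(removal_text, rescan_text):
    """List entries of a fresh log that the cleanup should have removed."""
    wanted = parse_removal_list(removal_text)
    found = []
    for line in rescan_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        name, cmd = m["name"].lower(), normalize(m["cmd"])
        if (name, cmd) in wanted:
            found.append((name, cmd))            # listed entry is still there
        elif name == "shell" and cmd != "explorer.exe":
            found.append((name, cmd))            # extra program after Explorer.exe
        elif name == "appinit_dlls" and cmd:
            found.append((name, cmd))            # value should be empty
    return found

# Constructed samples: three removal-list lines copied from the thread, and a
# made-up rescan in which one entry and the modified shell value remain.
REMOVAL = r"""
[HT]    <; C:\WINDOWS\htqd.exe>
[GenProtect]    <C:\WINDOWS\GenProtect.exE>
[mppds]    <C:\WINDOWS\mppds.exe>
"""
RESCAN = r"""
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <GenProtect><C:\WINDOWS\GenProtect.exE>  []
    <shell><Explorer.exe vchelp.exe>  [N/A]
    <AppInit_DLLs><>  [N/A]
"""

if __name__ == "__main__":
    for name, cmd in leftovers(REMOVAL, RESCAN):
        print("still present:", name, cmd)
```

An empty result means none of the listed start-up entries came back and both `shell` and `AppInit_DLLs` hold the values the replies ask for.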

Fixed it. Thank you both for your great support.
